09-25-2008 07:04 AM - edited 03-03-2019 11:41 PM
Hi all,
I've this scenario:
client ---Router---web server
I'd like to configure a policy with a class that matches protocol http url (NBAR) and apply it outbound towards the web server on the Router. The question is: does it match only the HTTP request for that URL, or the reply too? I'm very confused, since I don't understand whether NBAR uses inspection to classify traffic in both directions, even if the policy is applied only outbound.
Can I match a URL by applying my policy in input?
Many thanks in advance for your support
Regards
09-25-2008 08:52 AM
Hello Gianluca,
NBAR will work in only one direction, depending on the direction in which you apply the service-policy that uses the class-map that calls the NBAR feature with match protocol.
Be aware that at L4
match protocol http
is only able to match traffic from client to server, which is equivalent to
access-list 121 permit tcp any any eq 80
The return traffic is not HTTP; here TCP 80 is the source port:
access-list 122 permit tcp any eq 80 any
There was another thread about this.
I would suggest you use it on the interface between client and router, to be able to shape on the outgoing interface based on the marking you do on the client-to-router interface:
two service-policies, one used to mark in client to router and the other one used outbound on the interface to the web server.
Hope to help
Giuseppe
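The two-policy design suggested in the reply above, as an added configuration sketch that is not part of the original thread. The interface names, class and policy names, URL pattern, DSCP value and shaping rate are all assumptions chosen for illustration.

```cisco
! NBAR requires CEF to be enabled
ip cef
!
! Classify by URL with NBAR (URL pattern is a placeholder)
class-map match-all WEB-URL
 match protocol http url /reports/*
!
! Policy 1: mark matching traffic as it arrives from the client
policy-map MARK-FROM-CLIENT
 class WEB-URL
  set ip dscp af21
!
! Match on the marking only, so no NBAR lookup is needed on egress
class-map match-all MARKED-WEB
 match ip dscp af21
!
! Policy 2: shape the marked traffic towards the web server
policy-map SHAPE-TO-SERVER
 class MARKED-WEB
  shape average 512000
!
! Client-facing interface (assumed name)
interface FastEthernet0/0
 service-policy input MARK-FROM-CLIENT
!
! Server-facing interface (assumed name)
interface FastEthernet0/1
 service-policy output SHAPE-TO-SERVER
```

Running `show policy-map interface` on each interface displays the per-class counters, which confirms whether the URL class and the marked class are matching.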
09-29-2008 04:37 AM
Hi Giuseppe,
thanks for your support.
Gianluca